---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.10.0
  labels:
    gatekeeper.sh/system: "yes"
  name: assignimage.mutations.gatekeeper.sh
spec:
  group: mutations.gatekeeper.sh
  names:
    kind: AssignImage
    listKind: AssignImageList
    plural: assignimage
    singular: assignimage
  preserveUnknownFields: false
  scope: Cluster
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: AssignImage is the Schema for the assignimage API.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            properties:
              name:
                maxLength: 63
                type: string
            type: object
          spec:
            description: AssignImageSpec defines the desired state of AssignImage.
            properties:
              applyTo:
                description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs.
                items:
                  description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed.
                  properties:
                    groups:
                      items:
                        type: string
                      type: array
                    kinds:
                      items:
                        type: string
                      type: array
                    versions:
                      items:
                        type: string
                      type: array
                  type: object
                type: array
              location:
                description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].image`.'
                type: string
              match:
                description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything.
                properties:
                  excludedNamespaces:
                    description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob.  For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.'
                    items:
                      description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system".  The asterisk is required for wildcard matching.'
                      pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$
                      type: string
                    type: array
                  kinds:
                    items:
                      description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope.
                      properties:
                        apiGroups:
                          description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
                          items:
                            type: string
                          type: array
                        kinds:
                          items:
                            type: string
                          type: array
                      type: object
                    type: array
                  labelSelector:
                    description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`.  These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata.  All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.'
                    properties:
                      matchExpressions:
                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                        items:
                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
                          properties:
                            key:
                              description: key is the label key that the selector applies to.
                              type: string
                            operator:
                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                              type: string
                            values:
                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                              items:
                                type: string
                              type: array
                          required:
                          - key
                          - operator
                          type: object
                        type: array
                      matchLabels:
                        additionalProperties:
                          type: string
                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                        type: object
                    type: object
                  name:
                    description: 'Name is the name of an object.  If defined, it will match against objects with the specified name.  Name also supports a prefix or suffix glob.  For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.'
                    pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$
                    type: string
                  namespaceSelector:
                    description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace.
                    properties:
                      matchExpressions:
                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                        items:
                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
                          properties:
                            key:
                              description: key is the label key that the selector applies to.
                              type: string
                            operator:
                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                              type: string
                            values:
                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                              items:
                                type: string
                              type: array
                          required:
                          - key
                          - operator
                          type: object
                        type: array
                      matchLabels:
                        additionalProperties:
                          type: string
                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                        type: object
                    type: object
                  namespaces:
                    description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace.  Namespaces also supports a prefix or suffix based glob.  For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.'
                    items:
                      description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system".  The asterisk is required for wildcard matching.'
                      pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$
                      type: string
                    type: array
                  scope:
                    description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched.  Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)
                    type: string
                  source:
                    description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources.
                    enum:
                    - All
                    - Generated
                    - Original
                    type: string
                type: object
              parameters:
                description: Parameters define the behavior of the mutator.
                properties:
                  assignDomain:
                    description: AssignDomain sets the domain component on an image string. The trailing slash should not be included.
                    type: string
                  assignPath:
                    description: AssignPath sets the domain component on an image string.
                    type: string
                  assignTag:
                    description: AssignImage sets the image component on an image string. It must start with a `:` or `@`.
                    type: string
                  pathTests:
                    items:
                      description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist    - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate."
                      properties:
                        condition:
                          description: Condition describes whether the path either MustExist or MustNotExist in the original object
                          enum:
                          - MustExist
                          - MustNotExist
                          type: string
                        subPath:
                          type: string
                      type: object
                    type: array
                type: object
            type: object
          status:
            description: AssignImageStatus defines the observed state of AssignImage.
            properties:
              byPod:
                items:
                  description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus.
                  properties:
                    enforced:
                      type: boolean
                    errors:
                      items:
                        description: MutatorError represents a single error caught while adding a mutator to a system.
                        properties:
                          message:
                            type: string
                          type:
                            description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type.
                            type: string
                        required:
                        - message
                        type: object
                      type: array
                    id:
                      type: string
                    mutatorUID:
                      description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch
                      type: string
                    observedGeneration:
                      format: int64
                      type: integer
                    operations:
                      items:
                        type: string
                      type: array
                  type: object
                type: array
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
